<?

$_table = 'auth';


if (($a = (int)param('edit')) && ($DATA['object'] = datafetch('db_item', tb($_table), "id=$a"))) {


	$DATA['roles'] = datafetch_array('db_list', array('table' => tb('sec_role'), 'where' => '('.dbAndI('attr', RO_DEFAULT).')', 'order' => 'id', 'index' => 'id'));

	$DATA['sess'] = datafetch_array('db_list', array('table' => tb('sec_role, sec_sess'), 
		'where' => "sec_sess.id_user=$a AND sec_sess.id_role=sec_role.id",
		'select' => 'sec_role.id as id, sec_role.name as name',
		'order' => 'id', 
		'index' => 'id'));

	switch (action(array('editor_save'))) {
	
		case 'editor_save':
		
			if (($t = h(trim(postdata('login')))) && !datafetch('db_item', tb('auth'), "login='$t' AND id!=$a")) {	// some data received

				$temp = array('name' => trim(postdata('name')),	'login' => trim(postdata('login')));

				if ($t = trim(postdata('pass'))) $temp['pass'] = pwd($t, trim($temp['login']));
				
				dataset('db_update', tb($_table), $temp, "id=$a");

				dataset('db_delete', tb('sec_sess'), "id_user=$a");
				
				if (is_array($d = postdata('role'))) { $temp = array();

					foreach($d as $v)
						$temp[] = array('id_role' => $v, 'id_user' => $a);
						
					dataset('db_insert', tb('sec_sess'), $temp);
				}
				

			} else {	// empty data
			}
			
			header("Location: "._transformURL($CURRENT->url, array('remove_param' => 'edit')));
			exit;

			break;

	}

	// !!! fix crumbs
	$DATA['crumb'][] = array('name' => $DATA['object']['name']);
	$DATA['crumb'] = array_mark_bounds($DATA['crumb']);

} else {								// **** bad article ****

	header("Location: "._transformURL($CURRENT->url, array('remove_param' => 'edit')));
	exit;
}
